Hi Andrew,
Yes, this is for an ha cluster made of instances running in openstack.
I'm testing running a two node gfs2 (or perhaps ocfs2) cluster using
VMs. If I can get it all working and it's stable there are reasons why
running it as VMs would be handy (obviously). However, if there are
issues that derive from the node's virtualness, I have the option to run
these services on the physical hosts.
For this testing, I've used the private IP of each node that nova
provided when the nodes were booted. In my particular environment, I
automatically bring up nodes with names which identify their functions;
chef recipes then run and can search for the IP of the other partner
when configuring linux-ha (this is theoretical as I'm doing everything
by hand now; I can see that getting this right in recipes might be
non-trivial).
As for authentication: fence_openstack runs as root on the openstack
physical host(s); when it ssh's in, root's .bashrc sources the admin
creds from openstack so the call to nova list and nova reboot succeed.
Please note: as I said in the original post, my fence_openstack has 20
minutes of coding in it and not much more thinking about it. I assume
that someone who really knows these issues would fix any issues or shoot
down the methodology as unworkable, broken, insecure, etc... ;-) Given
your difficulties earlier, I'd not be terribly shocked if I've
overlooked something critical.
Best,
JR
On 2/18/2014 4:47 PM, Andrew Beekhof wrote:
>
> On 19 Feb 2014, at 9:15 am, JR <botemout@gmail.com> wrote:
>
>> Greetings,
>>
>> Someone on the linux-ha irc channel suggested that perhaps this agent
>> might be of use to others using openstack.
>>
>> Note: it's based on fence_virsh and was written in about 20 mins; it
>> seems to work for me but YMMV.
>
> Question... this is for openstack instances acting as cluster nodes?
> If so, how did you get them to use predictable IPs that corosync could bind to?
> Also, how did you provide authentication for the nova client?
>
> I created https://github.com/beekhof/fence_openstack but gave up on it because corosync wasn't able to function.
>
>
>
> _______________________________________________
> Linux-HA mailing list
> Linux-HA@lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
>
--
Your electronic communications are being monitored; strong encryption is
an answer. My public key
<
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4F08C504BD634953>
_______________________________________________
Linux-HA mailing list
Linux-HA@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha See also:
http://linux-ha.org/ReportingProblems